Hackers hired by government in India

Introduction:

1. Did Chinese hackers target Indian govt, Air India, Reliance? Everything about iSoon leak

2. The U.S. is trying to unravel a hacking plot that targeted climate activists

Did Chinese hackers target Indian govt, Air India, Reliance? Everything about iSoon leak

  A Chinese state-linked hacker group boasted of targeting key offices of the Indian government, including the “PMO” (likely the Prime Minister’s Office), and businesses like Reliance Industries Limited and Air India, according to leaked data reviewed by India Today’s Open-Source Intelligence (OSINT) team.

  Thousands of documents, images, and chat messages associated with iSoon — an alleged cybersecurity contractor with China’s Ministry of Public Security (MPS) — were posted anonymously on GitHub over the weekend.

  iSoon and Chinese police launched an investigation to ascertain how the files were leaked, two employees of the contractor told the Associated Press (AP). One of the employees said iSoon held a meeting on February 21 about the leak, at which employees were told it wouldn’t affect business too much and to “continue working as normal”, the news agency reported.

  The leak unveils a complex network of clandestine hacks, spyware operations, and elaborate surveillance by Chinese government-linked cyber threat actors.

  A machine-translated version of the leaked internal documents, originally in Mandarin, shows attackers documenting their modus operandi, targets, and exploits. Targets ranged from NATO, European governments, and private institutions to Beijing’s allies like Pakistan.

  Although the leak mentions targets of the cyberespionage operation, India Today didn’t find samples of the stolen data itself in the leak. It also does not specify the extent of penetration and duration of attacks on individual targets in all cases.

  Indian targets

  The leaked data mentions Indian targets like the Ministry of Finance, the Ministry of External Affairs, and the “Presidential Ministry of the Interior”, which likely refers to the Ministry of Home Affairs. The advanced persistent threat (APT) or hacker groups retrieved 5.49GB of data relating to various offices of the “Presidential Ministry of the Interior” between May 2021 and October 2021, at the height of India-China border tensions.

  “In India, the main work targets are the ministry of foreign affairs, ministry of finance, and other relevant departments. We continue to track this area in depth and can tap its value in the long term,” reads the translated India section of what appears to be an internal report prepared by iSoon.

  User data of state-run pension fund manager, the Employees' Provident Fund Organisation (EPFO), state telecom operator Bharat Sanchar Nigam Limited (BSNL), and private healthcare chain Apollo Hospitals were also allegedly breached. Air India’s stolen data pertains to details of daily check-in by passengers.

  About 95GB of India’s immigration details from 2020, described as “entry and exit points data”, were also referred to in the leaked documents. Notably, 2020 saw an escalation in India-China relations following the Galwan Valley clash.

  “India has always been a huge focus of the Chinese APT side of things. The stolen data naturally includes quite a few organisations from India, including Apollo Hospital, people coming in and out of the country in 2020, the Prime Minister's Office, and population records,” Taiwanese researcher Azaka, who first highlighted the GitHub leak, told India Today.

  John Hultquist, the chief analyst at Google Cloud-owned Mandiant Intelligence, was quoted by the Washington Post saying the online dump was “authentic data of a contractor supporting global and domestic cyber espionage operations out of China”. “We rarely get such unfettered access to the inner workings of any intelligence operation,” he said.

  Friends to foes — everyone is on China’s target

  Apart from India, Beijing also allegedly targeted its “all-weather friend” Pakistan. Other apparent targets include Nepal, Myanmar, Mongolia, Malaysia, Afghanistan, France, Thailand, Kazakhstan, Turkiye, Cambodia, and the Philippines, among others.

  As per the leaked dataset, as much as 1.43GB of postal service data from the “Anti-Terrorism Centre” in Pakistan’s Punjab province was obtained by the Chinese hacker group between May 2021 and January 2022. The documents also indicate that the Chinese government sanctioned snooping on Pakistan’s Ministry of Foreign Affairs and telecommunication company Zong.

  Huge amounts of data were also allegedly stolen from Nepal Telecom, Mongolia’s Parliament and police departments, a French university, and Kazakhstan's pension managing authority. The hackers also allegedly accessed the official systems of the Tibetan government-in-exile and its domain, Tibet.net.

  For years, hacking groups linked to China’s Communist Party, like Mustang Panda or APT41, have been running malicious campaigns, targeting organisations and countries including the US to gather intelligence. The US recently launched an operation to fight a pervasive Chinese hacking operation that compromised thousands of internet-connected devices.

The U.S. is trying to unravel a hacking plot that targeted climate activists

  A yearslong U.S. Justice Department investigation of a global hacking campaign that targeted prominent American climate activists took a turn in a London court this week amid an allegation that the hacking was ordered by a lobbying firm working for ExxonMobil. Both the lobbying firm and ExxonMobil have denied any awareness of or involvement with alleged hacking.

  The hacking was allegedly commissioned by a Washington, D.C., lobbying firm, according to a lawyer representing the U.S. government. The firm, in turn, was allegedly working on behalf of one of the world's largest oil and gas companies, based in Texas, that wanted to discredit groups and individuals involved in climate litigation, according to the lawyer for the U.S. government. In court documents, the Justice Department does not name either company.

  As part of its probe, the U.S. is trying to extradite an Israeli private investigator named Amit Forlit from the United Kingdom for allegedly orchestrating the hacking campaign. A lawyer for Forlit claimed in a court filing that the hacking operation her client is accused of leading "is alleged to have been commissioned by DCI Group, a lobbying firm representing ExxonMobil, one of the world's largest fossil fuel companies."

  Forlit has previously denied ordering or paying for hacking.

  The Justice Department did not immediately respond to a request for comment.

  According to a source familiar with the U.S. probe who was not authorized to speak publicly, the U.S. has investigated DCI's possible role in the hacking. Reuters and The Wall Street Journal previously reported that the U.S. government has investigated DCI.

  DCI lobbied for ExxonMobil for about a decade, according to federal lobbying records. NPR has not been able to confirm what, if any, links the Justice Department may have thought DCI had with the hacking campaign. NPR has not found any indications that the Justice Department has investigated ExxonMobil in relation to this case.

  DCI and ExxonMobil declined to comment on the allegations made in the London hearing. Both companies referred NPR back to statements they had provided earlier in our investigation.

  Craig Stevens, a partner at DCI, said in an email that no one at the firm has been questioned by the U.S. government as part of the hacking investigation. "Allegations of DCI's involvement with hacking supposedly occurring nearly a decade ago are false and unsubstantiated. We direct all our employees and consultants to comply with the law," Stevens said. "Meanwhile, radical anti-oil activists and their donors are peddling conspiracy theories to distract from their own anti-U.S. energy activities."

  ExxonMobil spokesperson Elise Otten said in an emailed statement that the company "has not been involved in, nor are we aware of, any hacking activities. If there was any hacking involved, we condemn it in the strongest possible terms."

  In a court document arguing for Forlit's extradition, the lawyer for the U.S. government described a sophisticated hacking operation that spanned continents. Forlit ran security companies that gathered information using various methods, including hiring "co-conspirators to hack into email accounts and devices," according to the court filing.

  A lawyer representing the U.S. government revealed in the London court filing that Forlit has been indicted in the U.S. on charges of conspiracy to commit computer hacking, conspiracy to commit wire fraud, and wire fraud.

  Climate activists who were targeted by hackers say the plot that U.S. officials have been trying to unravel was aimed at disrupting their efforts to fight climate change by pushing governments and society to slash the use of fossil fuels like oil and coal.

  "It was undoubtedly designed to intimidate and scare advocates from continuing their work to hold these major oil companies accountable for the decades of deception that they're responsible for," says Lee Wasserman, director of the Rockefeller Family Fund and one of the hacking victims.

  The fossil fuel industry faces dozens of lawsuits filed by states and localities accusing companies of misleading the public about the risks of climate change. The industry says that those lawsuits are meritless and politicized and that climate change is an issue that should be dealt with by Congress, not the courts.

  The potential impact on civil society of hacking-for-hire operations is grave, according to cybersecurity and legal experts.

  "Nothing is more powerful at chilling speech and encouraging self-censorship than the feeling that your entire digital world, which probably touches your whole world, could be invaded by people who mean you harm simply because of what you're doing at work," says John Scott-Railton, a senior researcher at the Citizen Lab, a cyber watchdog at the University of Toronto that analyzed the attacks. "Simply because you're concerned about rising sea levels."

  The U.S. hacking investigation became public in 2019 with the arrest in New York of a business associate of Forlit's named Aviram Azari. A former Israeli police officer and private investigator, Azari eventually pleaded guilty to conspiracy to commit computer hacking, wire fraud and aggravated identity theft.

  The hackers Azari hired didn't target just American climate activists, according to federal prosecutors. They also attacked government officials in Africa, members of a Mexican political party and critics of a German company called Wirecard.

  U.S. District Judge John Koeltl sentenced Azari in November 2023 to more than six years in prison and ordered him to forfeit more than $4.8 million that prosecutors allege he was paid for managing the hacking campaigns.

  At Azari's sentencing, federal prosecutors did not say who they believed had hired Azari to target the climate activists. The Justice Department stated in a sentencing memo that ExxonMobil was the beneficiary of the information that the attacks revealed.

  Federal prosecutors asserted in the Azari sentencing memo that information stolen from climate activists was leaked to the media, resulting in news stories that "appeared designed to undermine" state climate investigations of ExxonMobil. The company's lawyers used the news stories in court as part of their defense against the state investigations, prosecutors said.

  ExxonMobil said in a statement at the time that it had done nothing wrong. "ExxonMobil has no knowledge of Azari nor have we been involved in any hacking activities," the company said.

  The sentencing memo in Azari's case noted a private email among climate activists that surfaced in the media in 2016. The email described plans for a closed-door meeting in New York among leading climate activists, including writer and organizer Bill McKibben and Peter Frumhoff, then the chief climate scientist at the Union of Concerned Scientists, a watchdog and research group. The meeting's goal, according to the email, was to sharpen attacks on ExxonMobil and convince the public that the company is a "corrupt institution" that pushed the world toward "climate chaos and grave harm." It also raised the prospect of legal action through state attorneys general and the Justice Department.

  ExxonMobil and some Republican lawmakers cited the document as they tried to fight off state climate investigations, saying activists and prosecutors colluded to advance a political agenda.

  Azari was sent to a federal prison in New Jersey in 2023. Five months later, Forlit was arrested in London. The Justice Department has been working through British lawyers to have Forlit extradited to the U.S. to face criminal prosecution "arising from a 'hacking-for-hire' scheme," court documents show.

  One of Forlit's clients from 2013 to 2018 was an unnamed "D.C. Lobbying Firm," the court filing says. That firm "acted on behalf of one of the world's largest oil and gas corporations, centred in Irving, Texas," the document says. The company, in particular, wanted to discredit people and organizations engaged in climate change litigation against it, a lawyer for the U.S. wrote. Until mid-2023, ExxonMobil was headquartered in Irving, Texas.

  A lawyer representing the U.S. alleged that the lobbying firm gave Forlit targets to hack. The lawyer said there's a "strong circumstantial case" that Forlit gave the list of at least 128 targets to Azari, who then hired hackers in India.

  Forlit and Azari both referred to the operation as "Fox Hunt," the lawyer for the U.S. said in the London court filing. The hacking obtained "non-public documents which were provided to the oil and gas company and published as part of a media campaign to undermine the integrity of civil investigations," according to the filing.

  DCI, the public affairs firm that Forlit's lawyer said her client allegedly worked for, has a long history working for the fossil fuel industry.

  The firm worked for a nonprofit that supports the U.S. coal industry. And one of DCI's executives was identified as a spokesman for a group that backed the controversial Dakota Access oil pipeline.

  In the early 2000s, ExxonMobil provided funding for a website DCI published called Tech Central Station, which the Union of Concerned Scientists called a "hybrid of quasi-journalism and lobbying." And from 2005 until early 2016, ExxonMobil paid DCI around $3 million to lobby the federal government, according to lobbying disclosures.

  The lawyer for the U.S. government said in an extradition statement that the hacking operation started in late 2015. At that time, the oil and gas industry was facing a mounting backlash. Stories by investigative journalists in 2015 revealed that ExxonMobil's own scientists warned top executives about dire risks from climate change as early as the 1970s. Despite those warnings, the oil company went on to lead a decades-long campaign to sow public confusion about global warming. Activists seized on the reports, popularizing the hashtag #ExxonKnew to argue that ExxonMobil knew about human-caused climate change despite denying it publicly.

  In Washington, D.C., Democrats urged the Justice Department to investigate whether ExxonMobil misled the public about climate change. And a group of state attorneys general banded together to find "creative ways to enforce laws being flouted by the fossil fuel industry and their allies," New York's attorney general said in early 2016.

  Since then, dozens of lawsuits have been filed in the U.S. against ExxonMobil and other fossil fuel corporations, largely by Democratic-led states and towns. They allege the industry misled the public for decades about the dangers of burning fossil fuels, the primary cause of climate change. The lawsuits seek damages to help communities cope with climate risks and damages.

  Forlit's lawyer, Rachel Scott, focused on the litigation against ExxonMobil in her opening arguments in London. She said the U.S. is trying to prosecute Forlit in part "to advance the politically-motivated cause of pursuing ExxonMobil."

  The U.S. government is not part of the climate lawsuits filed by states and localities.

  It has been years since the climate activists were targeted by hackers, but finding out who directed and paid for the operation is still vital, says Matt Pawa, an environmental lawyer and hacking victim.

Related questions

Hiring a hacker to access a cell phone is illegal, unethical, and poses significant risks. Here’s a breakdown of key considerations and alternatives:

Legal and Ethical Concerns

  1. Illegality: Unauthorized access to a device violates laws like the U.S. Computer Fraud and Abuse Act (CFAA) and similar laws globally. Penalties include fines, imprisonment, and civil liability.
  2. Ethical Issues: Violating privacy—even with good intentions—can damage trust and relationships. Monitoring someone without consent is generally unethical.

Risks of Hiring a Hacker

  • Scams: Many "hackers" online are fraudsters who may steal your money/data or blackmail you.
  • Legal Liability: You could face charges as an accomplice in illegal activities.

Legal Alternatives

  1. Parental Monitoring: Use legitimate apps (e.g., Google Family Link, Apple Screen Time) with consent for minor children.
  2. Recovering a Lost Phone: Leverage built-in tools like Find My iPhone (Apple) or Find My Device (Android).
  3. Cybersecurity Help: Contact reputable firms for issues like data recovery or malware removal (with proof of ownership).
  4. Suspected Infidelity/Employee Issues: Address concerns through communication or legal channels (e.g., court-approved monitoring in specific cases).

If Your Phone Is Hacked

  1. Reset the Device: Perform a factory reset after backing up data.
  2. Update Credentials: Change passwords and enable 2FA.
  3. Contact Providers: Alert your mobile carrier and bank if financial data is compromised.
  4. Report to Authorities: File a report with law enforcement or cybersecurity agencies.

Conclusion

Avoid illegal hacking services. Prioritize legal, ethical solutions to address your needs. If privacy or security is a concern, consult cybersecurity professionals or use official tools.
